
MacRumors

macrumors bot
Original poster
Apr 12, 2001



Two weeks ago, Facebook announced that it discovered a security breach allowing hackers to steal Facebook data from millions of accounts, and today, Facebook shared further data on just what was accessed.

To get the Facebook data, hackers took advantage of a security flaw in the social network's "View As" code, a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain are basically digital keys that allow people to stay logged in to Facebook.


According to Facebook, hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018.

Hackers were able to obtain timeline posts, friend lists, groups, and the names of recent Messenger conversations from an initial 400,000 people. People in this group who were Page admins of a Page that had received a message from someone on Facebook had the content of their messages stolen.

After stealing data from the 400,000 people attacked first, Facebook used their friends list to steal access tokens for approximately 30 million people.

For 15 million people, attackers were able to access name and contact details that include phone number and email address.

For 14 million people, hackers were able to access the same information as well as other data that includes username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places where they checked in, websites, people, Pages they follow, and 15 most recent searches.

An additional 1 million people had their access tokens stolen but no information was obtained.

According to Facebook, people can find out whether or not they were affected through the Facebook Help Center. Over the "coming days," Facebook plans to send customized messages to the 30 million people who were affected to explain what information hackers might have obtained.

The FBI is investigating the attack and Facebook has been asked "not to discuss who may be behind [the] attack."

Article Link: Hackers Accessed Data From 29 Million Facebook Users
 
I don’t see this as news anymore. Unless people immediately lose money or have their credit destroyed overnight, 99% of Facebook users don’t care that their (so-called) private information is being viewed and at some point misused.
 
Don't think anybody still on Facebook is expecting any kind of privacy or data protection ... at least I hope that's the case since they are over and over in the news for violations, bad practices and stuff like this. Deleted my account many many years ago and didn't miss it a day. I deleted it after they started sharing with my friends which articles from 'partner' web sites I was reading (even when I was not actively logged into the webpage) - not that I had to hide anything, but I wanted to be in control of what is shared and what not (they discontinued the 'feature' a short time after introducing it). It also annoyed me that they kept 'improving' the security setting and every time were resetting it to the default (which was back then sharing everything with everyone) and you had to drill down deeper and deeper to keep it from sharing stuff (not sure if they still do that garbage ... I don't care anymore).
 
These hacks about stolen info from Facebook, CC companies, Target, stores you purchased from, Equifax, online places etc. are all too common now. People are so conditioned to know it will happen again and they won't get any restitution nor will any punishment take place against these companies for failing to protect our information.
 
These hacks about stolen info from Facebook, CC companies, Target, stores you purchased from, Equifax, online places etc. are all too common now. People are so conditioned to know it will happen again and they won't get any restitution nor will any punishment take place against these companies for failing to protect our information.

Beyond a small few, most people never got upset about information privacy invasion. The “cost” of losing some privacy was worth the convenience of connecting with family and friends easily in an ‘at-your-convenience’ mode. And if something really bad happens it’s difficult to prove it was FB or whatever once a short time has passed.
 
It's astounding that people are so willing to give so much personal data to a company.
This 1000%..

People need to realize that every time you check or submit info to these sites, you are pretty much walking into a store and giving whoever is behind the counter your personal information in return for use of their services.

Just imagine walking into a store and the person behind the counter saying: Hi, in order to proceed, please let me know your gender, relationship status and whom you're involved with, your closest circle of friends, interests, political interests, religion, location data, your career field, your employer, and also please submit photos of yourself, pets, friends, and family in order to proceed.

What would you do? How would that make you feel?
 
Take your time, Facebook, it's not like 30 million people had vulnerable information out there or anything.....
 
It's not clear to me exactly how they obtained the info. Did they bypass the website and access the FB databases directly? I'm pretty sure that is not possible. Access is only via the FB software powering the website. Sure, they had the keys, but were they scraping 30 million page renders for the information?
 